I need some help in understanding the security risks if I want to use OAuth 2.0

Question

I need some help in understanding the security risks if I want to use OAuth 2.0 (Facebook, Twitter and G+) as the standard login provider for an e-commerce site. Keep in mind that I will not be saving credit card information on the site or in any of the data stores; I would be utilising services such as PayPal (and similar services)/EFT for payment. I had a quick glance at this documentation for standard security assessments, but I am still nowhere closer to understanding whether OAuth 2.0 would be a viable authentication option. Any advice would be great. I have the same question posted on Stack Overflow.

Explanation / Answer

Don't do authentication through outside OAuth sources if you plan to store any PII (personally identifiable information) like names and addresses; it exposes you to data theft liability if someone hacks the other systems, and you may never even know it happened. You could also have problems if your customer gets locked out of their Facebook account and you can't do anything to fix it. OAuth is fine for web page comments, but not for paying customers.